Experts at the Department of Homeland Security have indicated it is only a “matter of time” before hackers manage to interfere with a commercial airliner, leading to a potentially “catastrophic disaster,” according to a report from CBS News on Tuesday.
These experts claim that hackers could breach airplane systems by targeting flaws in the radio software used on commercial flights.
“Potential of catastrophic disaster is inherently greater in an airborne vehicle,” read official documents first seen by Motherboard and disclosed in a report there last week. “[It’s] a matter of time before a cybersecurity breach on an airline occurs.”
“Today’s commercial aviation backbone is built upon a network of trust; most commercial aircraft currently in use have little to no cyber protections in place,” the report continued.
In 2016, members of the DHS Security Team claimed to have succeeded in hacking systems of a Boeing 747. Robert Hickey, from the Cyber Security Division of the DHS, said his staff had “accomplished a remote, non-cooperative penetration.”
“We got the airplane on September 19, 2016,” Hickley said. “Two days later, I was successful in accomplishing a remote, non-cooperative, penetration. … [Which] means I didn’t have anybody touching the airplane, I didn’t have an insider threat. I stood off using typical stuff that could get through security and we were able to establish a presence on the systems of the aircraft.”
However, Boeing has denied that DHS identified any serious vulnerabilities in the aircraft’s software.
“Boeing observed the test referenced in the DHS documents, and we were briefed on the results. We firmly believe that the test did not identify any cyber vulnerabilities in the 757, or any other Boeing aircraft,” the company said in a statement last November.
“Boeing is confident in the cyber-security measures of its airplanes,” it continued. “Multiple layers of protection, including software, hardware, network architecture features, and governance are designed to ensure the security of all critical flight systems from intrusion.”
Former assistant director of the FBI Ron Hosko told CBS News that he feared companies would only take serious cybersecurity steps on the back of a serious incident.
“I think we’ve come to realize that cyberthreat is everywhere,” Hosko said. “My fear is that our nation acts most directly when they’re on the backside of a crisis. The crisis has occurred we lose a lot of lives and now we’re prepared to put money into infrastructure.”
However, Hosko is just one of many figures to warn about the risks of cybersecurity and cyber terrorism as methods of hacking continue to become more advanced.
The last major attack on commercial airliners in the United States was 9/11, leading to increased airport security to prevent individuals from accessing weapons of destructive items on board an aircraft.
In a statement, the DHS affirmed that it “takes aviation cyber security seriously and works with both researchers and vendors to identify and mitigate vulnerabilities in the aviation sector.”
“The aviation industry, including manufacturers and airlines, has invested heavily in cybersecurity and built robust testing and maintenance procedures to manage risks,” it added.